0.25.0-rc1

Author: xhanulik

.appveyor.yml

@@ -1,4 +1,4 @@
-version: 0.24.0.{build}
+version: 0.25.0.{build}
 
 platform:
   - x86

NEWS

@@ -1,5 +1,44 @@
 NEWS for OpenSC -- History of user visible changes
 
+# New in 0.25.0; 2024-02-XX
+## Security
+* [CVE-2023-5992](https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992): Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC (#2948)
+* [CVE-2024-1454](https://github.com/OpenSC/OpenSC/wiki/CVE-2024-1454): Potential use-after-free in AuthentIC driver during card enrollment in pkcs15init (#2962)
+
+## General improvements
+* Update OpenSSL 1.1.1 to 3.0 in MacOS build (#2930)
+* Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable Cyberflex driver (#2885)
+* Fix 64b to 32b conversions (#2993)
+* Improvements for the p11test (#2991)
+* Fix reader initialization without SCardControl (#3007)
+* Make RSA PKCS#1 v1.5 depadding constant-time (#2948)
+* Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card (#2975)
+* Enable MSI signing via Signpath CI integration for Windows (#2799)
+* Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
+
+## minidriver
+* Fix wrong hash selection (#2932)
+
+## pkcs11-tool
+* Simplify printing EC keys parameters (#2960)
+* Add option to import GENERIC key (#2955)
+* Add support for importing Ed25518/448 keys (#2985)
+## IDPrime
+* Support uncompressed certificates on IDPrime 940 (#2958)
+* Enhance IDPrime logging (#3003)
+## D-Trust Signature Cards
+* Add support for RSA D-Trust Signature Card 4.1 and 4.4 (#2943)
+## EstEID
+* Remove expired EstEID 3.* card support (#2950)
+## ePass2003
+* Allow SW implementation with more SHA2 hashes and ECDSA (#3012)
+## SmartCard-HSM
+* Fix SELECT APDU command (#2978)
+## MyEID
+* Update for PKCS#15 profile (#2965)
+## Rutoken
+* Support for RSA 4096 key algorithm (#3011)
+
 # New in 0.24.0; 2023-12-13
 ## Security
 * CVE-2023-40660: Fix Potential PIN bypass (#2806, frankmorgner/OpenSCToken#50, #2807)

SECURITY.md

@@ -9,8 +9,8 @@ backport security fixes into them. Only the last release is supported.
 
 | Version  | Supported          |
 | -------- | ------------------ |
-| 0.24.0   | :white_check_mark: |
-| < 0.24.0 | :x:                |
+| 0.25.0   | :white_check_mark: |
+| < 0.25.0 | :x:                |
 
 ## Reporting a Vulnerability
 

configure.ac

@@ -7,9 +7,9 @@ define([PRODUCT_TARNAME], [opensc])
 define([PRODUCT_BUGREPORT], [https://github.com/OpenSC/OpenSC/issues])
 define([PRODUCT_URL], [https://github.com/OpenSC/OpenSC])
 define([PACKAGE_VERSION_MAJOR], [0])
-define([PACKAGE_VERSION_MINOR], [24])
+define([PACKAGE_VERSION_MINOR], [25])
 define([PACKAGE_VERSION_FIX], [0])
-define([PACKAGE_SUFFIX], [])
+define([PACKAGE_SUFFIX], [-rc1])
 
 define([VS_FF_LEGAL_COPYRIGHT], [OpenSC Project])
 define([VS_FF_LEGAL_COMPANY_NAME], [OpenSC Project])
@@ -46,10 +46,9 @@ OPENSC_VS_FF_PRODUCT_URL="VS_FF_PRODUCT_URL"
 #   (Code changed:                      REVISION++)
 #   (Oldest interface changed/removed:  OLDEST++)
 #   (Interfaces added:                  CURRENT++, REVISION=0)
-OPENSC_LT_CURRENT="10"
-OPENSC_LT_OLDEST="8"
-OPENSC_LT_REVISION="1"
-OPENSC_LT_AGE="0"
+OPENSC_LT_CURRENT="11"
+OPENSC_LT_OLDEST="11"
+OPENSC_LT_REVISION="0"
 OPENSC_LT_AGE="$((${OPENSC_LT_CURRENT}-${OPENSC_LT_OLDEST}))"
 
 AC_CONFIG_SRCDIR([src/libopensc/sc.c])